Cyble researchers discovered more than 900,000 Internet-exposed Kubernetes clusters that are at risk of being exploited in cyberattacks, most of which are located in the U.S., BleepingComputer reports.
While most of the misconfigured Kubernetes instances return error code 403, removing the possibility of any attacks, nearly 5,000 instances were found to return error code 401, which indicates an unauthorized request and could be used by potential attackers to conduct more attacks, the report showed. Moreover, 799 Kubernetes instances returned status code 200, which could be exploited to obtain Kubernetes Dashboard access without the need for a password.
The findings come after a report from the Shadowserver Foundation revealed 381,645 unique IPs returning status code 200, with Cyble noting that the figures differ because it uses open-source scanners and simple queries, whereas Shadowserver scans the whole IPv4 space.
"As we are not scanning complete IPv4 space like the shadow server and relying on intel that is in the open-source, the results we are getting are different from Shadowserver," said Cyble researchers.